Ransomware detection method

A ransomware detection technique, applied in the field of network security, that addresses problems such as the difficulty of detecting ransomware, the lack of in-depth research on ransomware characteristics, interference with detection results, and the high dimension and complexity of the constructed algorithm, achieving the effect of reducing dimensions.

Inactive Publication Date: 2017-10-20
CHINESE PEOPLE'S PUBLIC SECURITY UNIVERSITY

AI Technical Summary

Problems solved by technology

[0014] To solve the above problems, the present invention provides a method for ransomware detection that avoids the defects of the prior art: ransomware is difficult to detect, the characteristics of different types of ransomware cannot be studied in depth, detection results are increasingly subject to interference, and the constructed algorithm has high dimension and complexity.

Examples


Embodiment Construction

[0049] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0050] As shown in Figures 1 and 2, the ransomware detection method is divided into two parts executed sequentially:

[0051] 1) Training of the ransomware detection model:

[0052] First, the training set for training the ransomware detection model must be determined. The training set is divided into two subsets: ① a ransomware sample set; ② a normal sample set. A distributed sandbox is used to dynamically analyze the samples in the training set, and the reports produced by the sandbox analysis are extracted;

[0053] 2) Testing of the ransomware detection model:

[0054] The feature set is established according to the feature construction algorithm, the model is trained and tested using five-fold cross-validation, and accuracy is used to measure the performance of the model.
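The two-part procedure above (labelled sandbox reports, feature construction, five-fold cross-validation scored by accuracy) can be sketched as follows. This is an added example, not code from the patent: the page does not state the feature construction algorithm or the classifier, so API-call frequency features and a nearest-centroid classifier are assumptions, and the sandbox traces are constructed sample data.

```python
import random
from collections import Counter

# Constructed data: real Windows API names, made-up traces (not from the patent).
RANSOM = ["CryptEncrypt", "FindNextFileW", "MoveFileExW", "DeleteFileW", "WriteFile"]
BENIGN = ["ReadFile", "RegQueryValueExW", "CreateWindowExW", "GetMessageW", "WriteFile"]

def make_reports(n_per_class=25, seed=7):
    """Stand-in for sandbox reports: (list of API calls, label); 1 = ransomware."""
    rng = random.Random(seed)
    out = []
    for label, pool in ((1, RANSOM), (0, BENIGN)):
        for _ in range(n_per_class):
            # 30 calls typical of the class plus 10 noise calls from either pool
            out.append((rng.choices(pool, k=30) + rng.choices(RANSOM + BENIGN, k=10), label))
    return out

def vectorize(calls, vocab):
    """Assumed feature construction: relative frequency of each API call."""
    counts = Counter(calls)
    return [counts[api] / len(calls) for api in vocab]

def centroid(rows):
    return [sum(col) / len(rows) for col in zip(*rows)]

def nearest(x, centroids):
    return min(centroids, key=lambda y: sum((a - b) ** 2 for a, b in zip(x, centroids[y])))

def five_fold_accuracy(reports, k=5, seed=7):
    """Stratified k-fold: every fold keeps the ransomware/normal ratio."""
    rng = random.Random(seed)
    folds = [[] for _ in range(k)]
    for label in (0, 1):
        rows = [r for r in reports if r[1] == label]
        rng.shuffle(rows)
        for i, row in enumerate(rows):
            folds[i % k].append(row)
    accs = []
    for i, test in enumerate(folds):
        train = [r for j, f in enumerate(folds) if j != i for r in f]
        # Vocabulary comes from the training folds only, so nothing leaks from the test fold.
        vocab = sorted({api for calls, _ in train for api in calls})
        centroids = {y: centroid([vectorize(c, vocab) for c, lbl in train if lbl == y])
                     for y in (0, 1)}
        hits = sum(nearest(vectorize(c, vocab), centroids) == y for c, y in test)
        accs.append(hits / len(test))
    return accs

if __name__ == "__main__":
    accs = five_fold_accuracy(make_reports())
    print("fold accuracy:", accs, "mean:", sum(accs) / len(accs))
```

Accuracy alone is only informative here because the two subsets are the same size; with an imbalanced training set, per-class recall should be reported alongside it.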

[0055] In order to ...


Abstract

The invention discloses a ransomware detection method that is divided into two parts executed in sequence: 1) training a ransomware detection model: first, a training set for training the ransomware detection model is determined, the training set being divided into two subsets, ① a ransomware sample set and ② a normal sample set, and a distributed sandbox is used to dynamically analyze the samples in the training set; and 2) testing the ransomware detection model: a feature set is established according to a feature construction algorithm, the model is trained and tested using five-fold cross-validation, and accuracy is used as the metric of model performance. The method overcomes the defects in the prior art that ransomware is difficult to detect, that the characteristics of different types of ransomware cannot be studied in depth, that detection results are increasingly subject to interference, and that the constructed algorithm is high in dimension and complexity.

Description

Technical field

[0001] The invention relates to the technical field of network security, and in particular to a method for detecting ransomware.

Background art

[0002] Ransomware is a type of malicious software that hackers use to hijack users' devices or resources and then extort money from the users as the condition for releasing them. Ransomware usually encrypts various types of files in the user's system or tampers with the system configuration, interfering with the user's normal use. Only after paying the ransom can the user obtain the password to decrypt the files or the method to restore normal use of the system. In 2016, 360 intercepted a total of 167,000 new ransomware samples on the computer side, and at least 4.97 million user computers across the country were attacked by ransomware.

[0003] Ransomware is a type of malicious code. Currently, malicious code detection methods are mainly divided into static detection and dynamic detection. Static analysis extracts program feat...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/53, H04L29/06
CPC: G06F21/53, G06F21/566, H04L63/145
Inventor: 芦天亮, 龚琪, 曹金璇, 张璐
Owner CHINESE PEOPLE'S PUBLIC SECURITY UNIVERSITY